Webmin-alike cgi script and security

Dave Swegen dswegen at software.plasmon.com
Mon Jul 22 10:13:18 EDT 2002


On Mon, Jul 22, 2002 at 06:08:26PM +0400, Denis S. Otkidach wrote:
> On Mon, 22 Jul 2002, Dave Swegen wrote:
> 
> DS> The scripts themselves are run as the default webserver user, and take
> DS> care of stuff like authentication and basic sanity checking.
> DS>
> DS> If all input checks out an external script is called using sudo to gain
> DS> root privs. Any data that should be provided is pickled and
> 
> Adding webserver default user to sudoers is a bad thing anyway.
> It's better to use suexec with unique user, that will be used for
> this script only.

Thanks, this is exactly the sort of info I'm looking for.

Cheers
    Dave




